BlackHartBlackHart
Scores/Ether.fi

Ether.fi

TEMPERED

Liquid Restaking · Ethereum · $5B+ TVL · 10 contracts

Confidence 83%Z-Factor 0.68Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

722
BRI Score
3004756508251000

Security Profile

Access Ctrl
62
Economic
75
Oracle
72
Compos.
58
Govern.
48
Resilience
78
OpSec
65
Cascade
45
Min
45
Avg
63
Max
78

Audit History

Certora (Formal)
2024-01
Omniscia
2023-12
Code4rena
2024-02

Bug Bounty Program

$250,000
Max payout on Immunefi
View Program →

Assessment

Largest liquid restaking protocol. Clean track record (no exploit, no depeg). But: full EigenLayer compositional exposure, governance centralization, no timelock on upgrades. Fork validation confirmed 8/8 findings as false positives, indicating strong runtime defense not captured by static graph.

Dimension Breakdown

How scores work →
Access Control
Weight 23%80% conf
62
Moderate
arrow_forward
+1218 permissionless state-mutating functions out of 75 external
+12roleRegistry.hasRole() provides runtime defense invisible to static analysis
+128/8 fork-validated redemption chains are HONEST_NEGATIVE (safeTransferFrom msg.sender pattern)
+12Lone-sink heuristic false positives inflate raw cell count
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 18%82% conf
58
Moderate
arrow_forward
-28Inherits ALL EigenLayer compositional risk (slashing, restaking, AVS)
+15weETH widely integrated: Aave, Morpho, Pendle, Compound
+15Largest liquid restaking by TVL (~$6B+) = maximum cascade exposure
-28Cross-protocol liquidation cascades are primary systemic risk
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 18%85% conf
78
Good
  • Pause mechanism (pauseContract/unPauseContract) gated by roleRegistry roles
  • UUPS upgrade protected by _authorizeUpgrade with owner check
  • Multiple audit rounds: Omniscia, Certora, Zellic
  • 30+ months mainnet without exploit (since Nov 2023)
Economic Soundness
Weight 12%80% conf
75
Good
arrow_forward
+1956 permissionless entries, 19 admin-gated (1_key)
+19True attack surface is 18 permissionless state-mutating functions
+19Key entry points: deposit, withdraw, requestWithdraw, rebase, burnEEthShares
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 12%78% conf
72
Good
arrow_forward
+16Pause mechanism (pauseContract/unPauseContract) gated by roleRegistry roles
+16UUPS upgrade protected by _authorizeUpgrade with owner check
+16Multiple audit rounds: Omniscia, Certora, Zellic
+1630+ months mainnet without exploit (since Nov 2023)
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 12%72% conf
48
Concerning
arrow_forward
+18Internal rate oracle: (totalValueInLp + totalValueOutOfLp) / totalShares
+18amountForShare() and sharesForAmount() are core conversion functions
+18Chainlink integration for DeFi composition pricing
-28No external oracle manipulation surface detected in graph
receipt_longView provenance chainarrow_forward
Operational Security
Weight 12%60% conf
65
Moderate
arrow_forward
-9No branch protection detected
-9CI/CD present but unstable (60% success)
+16Commit signing: 98% verified
+16Strong PR review culture (83% reviewed)
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 6%75% conf
45
Concerning
arrow_forward
  • Inherits ALL EigenLayer compositional risk (slashing, restaking, AVS)
  • weETH widely integrated: Aave, Morpho, Pendle, Compound
  • Largest liquid restaking by TVL (~$6B+) = maximum cascade exposure
  • Cross-protocol liquidation cascades are primary systemic risk
receipt_longView provenance chainarrow_forward

Additional Dimensions

Battle-Tested Maturity
Weight conditional0% conf
-1
Critical
arrow_forward
+16ETHFI token governance exists but team retains significant operational control
+16roleRegistry manages LIQUIDITY_POOL_ADMIN_ROLE, VALIDATOR_APPROVER/CREATOR roles
+16admins/pausers mappings are team-managed
-52Governance participation is low relative to TVL
receipt_longView provenance chainarrow_forward
Supply Chain
Weight conditional0% conf
-1
Critical
arrow_forward
+25SMDE: 0 anomalies, 0 novel classes, 0 clusters
-12Game theory: IRRATIONAL equilibrium (no profitable deviation)
-12Standard DeFi state patterns, no exotic state mutations
+25DEPRECATED_ prefix on 14 functions indicates clean upgrade history
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Cascade Exposure45
Governance & Upgradeability48
Compositional Risk58

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2023-11-01Z-Factor 0.6808 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"etherfi"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("etherfi")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →